You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Davide Romanini <d....@cineca.it> on 2005/06/20 09:44:50 UTC
SecureConversation and WSS4J
Hi,
I writing a WebService that should be consumed by a .NET client with
WSE2 and I'm asked to secure the WS using WS-SecureConversation. I know
that the initial authentication (to obtain a SecurityContextToken)
should happen using X.509 certs. I wuold like to use WSS4j for this, but
I don't find so much documentation about this. I builded the source from
CVS and I heard that someone is using WSS4J in such contexts. I looked
around the source but it's a bit hard to understand how to configure it.
Specifically I don't understand what piece of code actually handles the
RequestSecurityToken for initialization of the Context and how to
configure it to authenticate using X.509.
I know also that the context can be initialized by the requestor sending
an unsolicited RSTR in the header of the SOAP message (correct me if I'm
wrong). WSS4J can handle this?
Moreover the .NET client seems to use the Entropy tag to establish the
Context, WSS4J works with that?
Please any help to better understand how to configure WSS4J is
appreciated.
Thanks,
Davide Romanini
Re: SecureConversation and WSS4J
Posted by Davanum Srinivas <da...@gmail.com>.
Ruchith,
Is'nt it a matter of a week or so of work?
thanks,
dims
On 6/21/05, Davide Romanini <d....@cineca.it> wrote:
> Il giorno lun, 20/06/2005 alle 08.02 +0000, Ruchith Fernando ha scritto:
> > Hi David,
> >
> > Ws-Trust and WS-Secure Conversation is being implemented in WSS4J. But
> > right now the implementations are going through some major
> > re-factoring and still incomplete. Therefore at the moment you CANNOT
> > use WSS4J to get the WS - Sec Conv and WS -Trust functionalities :-(.
> >
> > Best regards
> > Ruchith
>
> Can anybody point me to other solutions, such as commercial
> implementations I could use?
>
> Do I really need to use a .NET (WSE2) server to cope with this stuff??
>
> Thanks,
> Davide Romanini
>
>
--
Davanum Srinivas -http://blogs.cocoondev.org/dims/
Re: SecureConversation and WSS4J
Posted by Davide Romanini <d....@cineca.it>.
Il giorno lun, 20/06/2005 alle 08.02 +0000, Ruchith Fernando ha scritto:
> Hi David,
>
> Ws-Trust and WS-Secure Conversation is being implemented in WSS4J. But
> right now the implementations are going through some major
> re-factoring and still incomplete. Therefore at the moment you CANNOT
> use WSS4J to get the WS - Sec Conv and WS -Trust functionalities :-(.
>
> Best regards
> Ruchith
Can anybody point me to other solutions, such as commercial
implementations I could use?
Do I really need to use a .NET (WSE2) server to cope with this stuff??
Thanks,
Davide Romanini
Re: SecureConversation and WSS4J
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi David,
Ws-Trust and WS-Secure Conversation is being implemented in WSS4J. But
right now the implementations are going through some major
re-factoring and still incomplete. Therefore at the moment you CANNOT
use WSS4J to get the WS - Sec Conv and WS -Trust functionalities :-(.
Best regards
Ruchith
On 6/20/05, Davide Romanini <d....@cineca.it> wrote:
> Hi,
>
> I writing a WebService that should be consumed by a .NET client with
> WSE2 and I'm asked to secure the WS using WS-SecureConversation. I know
> that the initial authentication (to obtain a SecurityContextToken)
> should happen using X.509 certs. I wuold like to use WSS4j for this, but
> I don't find so much documentation about this. I builded the source from
> CVS and I heard that someone is using WSS4J in such contexts. I looked
> around the source but it's a bit hard to understand how to configure it.
>
> Specifically I don't understand what piece of code actually handles the
> RequestSecurityToken for initialization of the Context and how to
> configure it to authenticate using X.509.
> I know also that the context can be initialized by the requestor sending
> an unsolicited RSTR in the header of the SOAP message (correct me if I'm
> wrong). WSS4J can handle this?
> Moreover the .NET client seems to use the Entropy tag to establish the
> Context, WSS4J works with that?
>
> Please any help to better understand how to configure WSS4J is
> appreciated.
>
> Thanks,
> Davide Romanini
>
>
--
Ruchith Fernando
www.ruchith.org